Identifying Risks from Cyber Fraud
By Linda Pierce, Advocacy Leader, Gallagher Regional Claims | December 30, 2018
Cyber scammers have no reservations about checking into your hotel.
Imagine this scenario: your accounting department receives an email from a vendor revising the payment instructions for an invoice that is due. The email provides information about where the payment should be wired, and your employee wires the payment on time. Days later, the vendor contacts your accounting department and requests the payment. Upon investigation, you learn that your business has been the victim of a scam. Not only was the money sent to the fraudster, but your business still owes the true vendor the amount it is due.
Now, picture another scenario: an employee receives an email from senior management requesting that a wire transfer be processed so that a large equipment purchase can be completed. The employee dutifully processes the wire transfer to an account with a foreign bank. Later that day, the employee runs into the manager who initiated the request and mentions the transaction was completed. The manager expresses confusion and realizes that the company has been defrauded.
For many businesses, these scenarios are a reality. The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center, reported in May 2018 that losses from Business Email Compromise (BEC) in 2017 jumped to over $675 million, an 87 percent increase from 2016's losses of $360 million. These figures do not take into consideration those losses that remain unreported.
A BEC occurs when the security of an organization's legitimate email account is breached, allowing fraudsters to gain an understanding of the financial transactions the organization typically processes and to identify the employees who are essential to those transactions. Fake email accounts are then created to appear legitimate. Typically, fake email addresses differ from legitimate ones in subtle ways that the recipient will not discern. For example, an address will be off by one similar-looking letter, replace "_" with ".", or have a slight difference that is imperceptible at first glance.
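The lookalike patterns described above (one similar-looking letter, "_" swapped for ".") can be screened for before a payment request is acted on. The following is an added example, not part of the original article: the confusable-character table, the function names and every address in it are assumptions constructed for illustration.

```python
import re

# Constructed list of known-good correspondents (assumption for this example).
TRUSTED = {"accounts_payable@vendor-supply.example", "j.smith@hotelgroup.example"}

# Spellings that look alike at a glance (assumed table, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(addr: str) -> str:
    """Reduce an address to a form in which look-alike spellings collide."""
    local, _, domain = addr.strip().lower().rpartition("@")
    local = re.sub(r"[._-]", "", local)      # "_" vs "." vs "-" in the mailbox name
    out = f"{local}@{domain.replace('-', '')}"
    for seen, canonical in CONFUSABLES:
        out = out.replace(seen, canonical)
    return out

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(sender: str, trusted: set[str] = TRUSTED) -> str:
    """Return 'trusted', 'lookalike of <address>', or 'unknown'."""
    s = sender.strip().lower()
    if s in trusted:
        return "trusted"
    for t in sorted(trusted):
        # Same skeleton catches visual tricks; distance <= 1 catches one-letter changes.
        if skeleton(s) == skeleton(t) or edit_distance(s, t) <= 1:
            return f"lookalike of {t}"
    return "unknown"

if __name__ == "__main__":
    for sender in ("accounts.payable@vendor-supply.example",
                   "j.srnith@hotelgroup.example",
                   "billing@othervendor.example"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to confirm the request through a phone number already on file, not through the contact details in the email itself.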
Social engineering fraud is the use of deception to induce individuals to divulge confidential information or engage in detrimental activity, usually with consequences that harm financial interests, security or privacy. A BEC is one type of social engineering fraud. Social engineering is so effective for fraudsters because it takes advantage of the primary tools of employment – computers and email. Employees' use of electronic data and computer-based communication to perform their jobs, coupled with human beings' propensity to trust, forms the perfect platform for fraud.